In preparation for the World IPv6 Launch tomorrow, Vint Cerf, Chief Internet Evangelist at Google, and a founding father of the Internet, discusses the next version of the Internet, and why we need it.

“When the Internet launched operationally in 1983, no one ever dreamed that there might be billions of devices and users trying to get online. But like a telephone network that is running out of phone numbers, the current Internet is running out of IP addresses, and if we don’t roll out Internet Protocol v6 (IPv6), we won’t have the room we need to grow and the Internet would become tangled, unsafe and unsustainable.”

As we approach World IPv6 Launch tomorrow, I thought it prudent to share the below described incident that iDefense recently observed. This incident illustrates the disruptive capability of IPv6 in action and also prompted me to think about what IT professionals need to do to help make sure their network infrastructure is ready for the impending launch of IPv6.

During a recent incident, attackers compromised an organization’s network and were able to activate the IPv6 protocol on the organization’s routers. In this case, as in many enterprises, network and security engineers were not fully monitoring IPv6 traffic within their networks. By using IPv6, the attackers that caused this incident flew completely under the radar and were able to transmit their stolen data unnoticed.

Cases such as these present one of the greatest risks to organizations, but have gone mostly unreported. They also call to light how important it is for administrators to actively monitor IPv6 traffic in their networks just as robustly as IPv4 traffic to better understand specific IPv6 attack vectors and traffic characteristics.

Even if an organization is not planning to implement IPv6, it is in their best interest to deal with IPv6 traffic exposures as soon as possible, as they may already have devices, operating systems and transitional configurations in place on their networks that can make them susceptible to cyber criminals.

The following are some best practices for handling the transition to IPv6 no matter what your migration plan is:

Begin monitoring networks for IPv6 traffic now.

If you’re not monitoring for IPv6, turn off IPv6 everywhere to ensure that there are not any unknown paths through an organization’s network. This includes turning off IPv6 interfaces and tunneling protocols.

Begin thinking about what is required to build the security that organizations need to use IPv6 within the application layer.

Do an IPv6 pilot on a small portion of the network, potentially using a transitional technology.

Develop a plan to transition an entire network to IPv6 incrementally.

Execute the plan once it’s ready but execute quickly once committed to avoid vulnerabilities.

Acquire and test IPv6-aware monitoring and assessment tools.

Has your organization started actively planning for the launch of IPv6?

In anticipation of World IPv6 Day — June 6, 2012 — Nominum, the worldwide leader in integrated DNS-based applications and solutions for service providers, today released results of a survey of the world’s leading ISPs regarding their plans and concerns regarding the transition from IPv4 to IPv6.

Nominum surveyed 67 top ISPs throughout North America, Japan, Europe and Latin America with a combined reach of 110 million households. The survey found that 97 percent of these ISPs have either already implemented or plan to implement IPv6. From that group:

23 percent have already done so

35 percent say they plan to do so in 2012

39 percent say they plan to implement IPv6 in 2013 or later

The survey revealed major regional differences in IPv6 deployment plans:

Every Japanese ISP surveyed has deployed IPv6

Only 25% of North American respondents have deployed IPv6, but 100% plan to by year-end

Just 48% of European respondents plan to deploy IPv6 by year-end

Only 20% of Latin American ISPs plan to deploy IPv6 by year-end

European ISPs appear to have the greatest risk of not making the transition in time since under current policies the Regional Internet Registry for Europe (RIPE NCC) is projected to run out of IPv4 addresses later this year.

Not surprisingly, accommodating new subscriber growth was the number one business reason given for making the change to IPv6. However, most ISPs are not looking beyond software support and interoperability testing to uncover key business benefits associated with IPv6, such as:

Customer Loyalty: IPv6 provides for a better experience accessing popular connection-intensive contents, such as Facebook and Google Maps, as well as better peer-to-peer gaming and personal cloud applications.

Network Efficiency: Protocol improvements such as better multi-cast support and larger packet sizes enable high performance applications and lower overhead for high performance data transfers for video and cloud access.

“IPv6 represents the biggest change in IP Networking since the start of the Internet. Most people know it is a necessity to keep the Internet moving and growing, but don’t realize how it can be used to improve our favorite applications. It also presents a huge opportunity for operators, content providers and enterprises to harness powerful business benefits associated with the ‘new’ Internet,” said Craig Sprosts, leader of Fixed Broadband Solutions for Nominum. “Things like increased customer loyalty, higher network efficiency and reduced costs are all powerful reasons to make the IPv6 transition. IPV6 presents a viable solution for continued Internet growth, sustainable provider success, and positive user experience.”

The survey also revealed surprising results regarding the transition mechanisms planned for IPv6. Despite the extra expense associated with customer premise equipment, 80 percent of ISPs surveyed say they plan to use a native dual-stack transition mechanism for their roll outs as opposed to carrier-grade NAT and other such technologies. Dual-stack technology helps ISPs to make smarter use of their existing address space while moving the Internet forward by supporting native IPv6 and the benefits it provides.

To help optimize broadband service quality and launch new applications, fixed broadband and mobile service providers rely on Nominum’s three-tiered architecture: the engines, which make networks faster and more efficient; platforms, which increase business agility; and applications, which increase competitive differentiation. More than 500 million Internet users depend on Nominum-powered networks around the world every day.

The time for dress rehearsals is over. This time we are going live. On June 6, thanks to the sterling efforts of the world’s leading content providers, Internet access providers and home equipment manufacturers, there will be real IPv6 (Internet Protocol version 6) traffic on the global Internet. And unlike the test flight a year ago, it will be for more than just a day. Next week, the Internet world as we know it will change forever.
Complete info at NewEurope.

You can choose two options: (FULL) which will enable IPv6 on all subdomains that are CloudFlare Enabled, or (SAFE) which will automatically create specific IPv6-only subdomains (e.g., www.ipv6.yoursite.com). You do not need to change any of your DNS settings. After it is up and running, you can test your IPv6 compatibility and get a badge for your site.

Cloudflare is providing the Automatic IPv6 Gateway for free to all CloudFlare users.